List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net
Subject: Re: Is there a FreeBSD equivalent of 'tcpdump -i any' from Linux?
From: Bakul Shah
Date: Thu, 3 Aug 2023 10:18:55 -0700
To: Zane C B-H
Cc: net@freebsd.org

Not quite what you asked for but I recently found https://github.com/gcla/termshark -- it seems to be like wireshark but for a terminal window. Like tcpdump it has the -D option that will return a list of interfaces. If you are handy with go programming, you may wish to consider enhancing it to listen to multiple interfaces. It is under 1400 lines of code. Maybe you can use one goroutine per interface and then each can feed packets to the display goroutine over a go channel.
[I haven't actually dug into the code, but this is how I would go about it -- but first check that libpcap is reentrant]

> On Aug 1, 2023, at 11:21 AM, Zane C B-H wrote:
>
> So what is a good way to get all packets passing through that the kernel currently sees? Apparently any is not supported on non-Linux systems and pflog would require adding log to all rules. Similarly only logs packets that match a rule.
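
The arrangement suggested in the reply above (one goroutine per interface, all feeding the display goroutine over a channel), as an added example; it is not termshark's code and not part of the original message. `Packet`, `Source`, `Merge` and `replay` are hypothetical names, the frames are constructed, and it assumes each goroutine owns its own capture handle so that no handle is shared between goroutines.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"sync"
)

type Packet struct{ Iface string; Data []byte } // one frame, tagged with its interface

// Source is a hypothetical stand-in for one libpcap handle, one per goroutine.
type Source func() ([]byte, error)

// Merge runs one goroutine per interface, all feeding one display channel.
func Merge(ctx context.Context, srcs map[string]Source) <-chan Packet {
	out := make(chan Packet)
	var wg sync.WaitGroup
	for name, next := range srcs {
		wg.Add(1)
		go func(name string, next Source) {
			defer wg.Done()
			for {
				data, err := next()
				if err != nil {
					return // EOF or a failed interface ends only this producer
				}
				select {
				case out <- Packet{name, data}:
				case <-ctx.Done(): // display side quit: stop instead of leaking
					return
				}
			}
		}(name, next)
	}
	go func() { wg.Wait(); close(out) }() // close once every producer is done
	return out
}

func replay(s string) Source {
	b := bytes.NewBufferString(s) // constructed, newline-terminated sample frames
	return func() ([]byte, error) { return b.ReadBytes('\n') }
}

func main() {
	srcs := map[string]Source{"em0": replay("arp\nicmp\n"), "lo0": replay("dns\n")}
	for p := range Merge(context.Background(), srcs) {
		fmt.Printf("%s %q\n", p.Iface, p.Data)
	}
}
```

Packets from different interfaces arrive interleaved in no fixed order; only the order within one interface is preserved.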